/hg/icedtea6: netx: do not prompt user multiple times for the sa...

omajid at icedtea.classpath.org omajid at icedtea.classpath.org
Mon Oct 18 09:32:11 PDT 2010


changeset 40cb6a09efea in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=40cb6a09efea
author: Omair Majid <omajid at redhat.com>
date: Mon Oct 18 12:31:46 2010 -0400

	netx: do not prompt user multiple times for the same certificate

	2010-10-18 Omair Majid <omajid at redhat.com>

	 *
	netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java:
	Add temporarilyUntrusted. (checkServerTrusted): Only prompt user
	if the certificate was not untrusted. (temporarilyUntrust):
	New method. (isTemporarilyUntrusted): New method.


diffstat:

2 files changed, 42 insertions(+), 5 deletions(-)
ChangeLog                                                        |    9 ++
netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java |   38 ++++++++--

diffs (79 lines):

diff -r a944742cdfa9 -r 40cb6a09efea ChangeLog
--- a/ChangeLog	Mon Oct 18 16:04:02 2010 +0100
+++ b/ChangeLog	Mon Oct 18 12:31:46 2010 -0400
@@ -1,3 +1,12 @@ 2010-10-18  Andrew John Hughes  <ahughes
+2010-10-18  Omair Majid  <omajid at redhat.com>
+
+	* netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java:
+	Add temporarilyUntrusted.
+	(checkServerTrusted): Only prompt user if the certificate was not
+	untrusted.
+	(temporarilyUntrust): New method.
+	(isTemporarilyUntrusted): New method.
+
 2010-10-18  Andrew John Hughes  <ahughes at redhat.com>
 
 	* Makefile.am:
diff -r a944742cdfa9 -r 40cb6a09efea netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Mon Oct 18 16:04:02 2010 +0100
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Mon Oct 18 12:31:46 2010 -0400
@@ -66,7 +66,8 @@ public class VariableX509TrustManager ex
     X509TrustManager userTrustManager = null;
     X509TrustManager caTrustManager = null;
 
-    ArrayList<Certificate> temporarilyTrusted = new ArrayList();
+    ArrayList<Certificate> temporarilyTrusted = new ArrayList<Certificate>();
+    ArrayList<Certificate> temporarilyUntrusted = new ArrayList<Certificate>();
 
     static VariableX509TrustManager instance = null;
 
@@ -192,11 +193,14 @@ public class VariableX509TrustManager ex
             if (checkOnly) {
                 throw ce;
             } else {
+                if (!isTemporarilyUntrusted(chain[0])) {
+                    boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
 
-                boolean b = askUser(chain, authType, trusted, CNMatched, hostName);
-
-                if (b) {
-                    temporarilyTrust(chain[0]);
+                    if (b) {
+                        temporarilyTrust(chain[0]);
+                    } else {
+                        temporarilyUntrust(chain[0]);
+                    }
                 }
 
                 checkAllManagers(chain, authType);
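Review bot: The `isTemporarilyUntrusted(chain[0])` check and the later `temporarilyUntrust(chain[0])` are separated by the blocking `askUser` call, so concurrent callers could each pass the check and prompt for the same certificate before any answer is recorded. Whether `checkServerTrusted` runs on several threads is not visible here, but the class keeps a static `instance`, so one trust manager is probably shared across connections. Serialising the check, prompt and record, for example with `synchronized (this) { ... }` around the sequence, would close that window and also guard the plain `ArrayList` against concurrent `add`/`contains`. A short comment noting that a remembered rejection falls through to `checkAllManagers(chain, authType)`, which is expected to reject the chain again, would make the fail-closed intent explicit. The enclosing method starts and ends outside the hunk, so any lock already held there cannot be seen.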
@@ -247,6 +251,30 @@ public class VariableX509TrustManager ex
     }
 
     /**
+     * Temporarily untrust the given cert - do not ask the user to trust this
+     * certificate again
+     *
+     * @param c The certificate to trust
+     */
+    private void temporarilyUntrust(Certificate c) {
+        temporarilyUntrusted.add(c);
+    }
+
+    /**
+     * Was this certificate explicitly untrusted by user?
+     *
+     * @param c the certificate
+     * @return true if the user was presented with this certificate and chose
+     * not to trust it
+     */
+    private boolean isTemporarilyUntrusted(Certificate c) {
+        if (temporarilyUntrusted.contains(c)) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
      * Temporarily trust the given cert (runtime)
      *
      * @param c The certificate to trust
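Review bot: The Javadoc on `temporarilyUntrust` still reads `@param c The certificate to trust`, apparently copied from `temporarilyTrust` below it; it should read something like `@param c The certificate the user declined to trust`. The comment should also say how long a rejection lasts, because nothing in this hunk removes entries from `temporarilyUntrusted`, so a declined certificate appears to stay unprompted for the life of the instance. As a style point, the body of `isTemporarilyUntrusted` reduces to `return temporarilyUntrusted.contains(c);`. The Javadoc for `temporarilyTrust` at the end of the hunk continues outside it.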


